Introduction to Azure Container Registry

Azure Container Registry is a managed registry service based on the open-source Docker platform. Create and maintain Azure container registries to store and manage your container images and related artifacts.

Use container registries with your existing container development and deployment pipelines, or use Azure Container Registry tasks to build container images in Azure. Build on demand, or fully automate builds with triggers such as source code commits and base image updates.

Azure provides tooling like the Azure CLI, the Azure portal, and API support to manage your container registries. Optionally, install the Container Tools extension for Visual Studio Code. You can use this extension to perform tasks such as pulling and pushing images to your registry, all within Visual Studio Code.

Container registries are available in three tiers (SKUs): Basic, Standard, and Premium. Each tier supports common features such as webhook integration, registry authentication with Microsoft Entra ID, and delete functionality. Premium registries support additional capabilities and have greater storage and limits. For more details about the different tiers, see Azure Container Registry SKUs.

Take advantage of local, network-close storage of your container images by creating a registry in the same Azure location as your deployments. The geo-replication feature of Premium registries supports advanced replication and container image distribution across geographies.

Container registry deployment targets and workflows

Pull images from an Azure container registry to various deployment targets:

Developers can also push to a container registry as part of a container development workflow. For example, you can target a container registry from a continuous integration and continuous delivery (CI/CD) tool such as Azure Pipelines or Jenkins.

Configure Azure Container Registry tasks to automatically rebuild application images when their base images are updated, or automate image builds when your team commits code to a Git repository. Use tasks to extend your development inner loop to the cloud by offloading docker build operations to Azure, or configure build tasks to automate your container OS and framework patching pipeline. Create multi-step tasks to automate building, testing, and patching container images in parallel in the cloud.

Supported images and artifacts

When images are grouped in a repository, each image is a read-only snapshot of a Docker-compatible container. Azure container registries can include both Windows and Linux images. You control image names for all your container deployments.

Use standard Docker commands to push images into a repository or pull an image from a repository. Azure Container Registry stores Docker container images and related content formats such as Helm charts and images built to the Open Container Initiative (OCI) Image Format Specification.

Container registry security and access

You authenticate to a registry by using the Azure CLI or the standard docker login command. Azure Container Registry transfers container images over HTTPS, and it supports TLS to help secure client connections.

Control access to a container registry by using an Azure identity, a Microsoft Entra service principal, or a provided admin account. Use Azure role-based access control (RBAC) to assign specific registry permissions to users or systems.

Security features of the Premium service tier include content trust for image tag signing, and private endpoints (preview) to restrict access to the registry. Microsoft Defender for Cloud optionally integrates with Azure Container Registry to scan images whenever you push an image to a registry.
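The access and tier points above can be checked mechanically. The following is an added example, not code from the Azure documentation: it audits registry descriptions shaped like the JSON from `az acr show` for an enabled admin account, missing content trust, and missing private endpoints. The registry names and values are constructed, and the check IDs are hypothetical labels chosen for this sketch.

```python
import json

# Constructed sample shaped like the JSON from `az acr show`; names and values are made up.
SAMPLE_REGISTRIES = json.loads("""
[
  {"name": "devregistry", "sku": {"name": "Basic"}, "adminUserEnabled": true,
   "publicNetworkAccess": "Enabled", "privateEndpointConnections": [],
   "policies": {"trustPolicy": {"status": "disabled"}}},
  {"name": "prodregistry", "sku": {"name": "Premium"}, "adminUserEnabled": false,
   "publicNetworkAccess": "Disabled", "privateEndpointConnections": [{"name": "pe-1"}],
   "policies": {"trustPolicy": {"status": "enabled"}}},
  {"name": "stagingregistry", "sku": {"name": "Premium"}, "adminUserEnabled": false,
   "publicNetworkAccess": "Enabled", "privateEndpointConnections": [],
   "policies": {"trustPolicy": {"status": "disabled"}}}
]
""")


def audit_registry(reg):
    """Return (check_id, message) findings for one registry description."""
    findings = []
    sku = (reg.get("sku") or {}).get("name") or "unknown"
    if reg.get("adminUserEnabled"):
        findings.append(("admin-account",
                         "admin account enabled; use Entra identities with RBAC roles"))
    if sku.lower() != "premium":
        # Content trust and private endpoints are Premium-tier features.
        findings.append(("tier", f"{sku} tier lacks content trust and private endpoints"))
        return findings
    trust = ((reg.get("policies") or {}).get("trustPolicy") or {}).get("status") or ""
    if trust.lower() != "enabled":
        findings.append(("content-trust", "content trust (tag signing) is not enabled"))
    public = str(reg.get("publicNetworkAccess") or "Enabled").lower() == "enabled"
    if not reg.get("privateEndpointConnections"):
        findings.append(("private-endpoint", "no private endpoint restricts registry access"))
    elif public:
        findings.append(("public-access", "private endpoint exists but public access is on"))
    return findings


def audit_all(registries):
    """Map registry name -> list of check ids that fired."""
    return {r.get("name", "<unnamed>"): [c for c, _ in audit_registry(r)] for r in registries}


if __name__ == "__main__":
    for reg in SAMPLE_REGISTRIES:
        for check, msg in audit_registry(reg):
            print(f"{reg['name']}: [{check}] {msg}")
```

To run it against a real registry, save the output of `az acr show --name <registry> --output json` and pass the parsed object to `audit_registry`.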